
List:       gcc-bugs
Subject:    [Bug middle-end/81400] Stack smashing not caught by stack protector strong and allowing me to stack 
From:       "amonakov at gcc dot gnu.org" <gcc-bugzilla () gcc ! gnu ! org>
Date:       2017-07-31 13:27:54
Message-ID: bug-81400-4-Rsv8Y3v7ua () http ! gcc ! gnu ! org/bugzilla/

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81400

Alexander Monakov <amonakov at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |amonakov at gcc dot gnu.org

--- Comment #6 from Alexander Monakov <amonakov at gcc dot gnu.org> ---
TLS canary is initialized by the libc; in Glibc sources you can grep for
THREAD_STACK_SET_GUARD.

In this example the leftmost byte of the SSP canary is overwritten by a zero.
This does not change the canary because Glibc deliberately zeroes that leftmost
byte (presumably, to harden against information-leak attacks when a string
function like strcpy can be used to copy the canary value in an
attacker-controlled manner):

https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/dl-osinfo.h;h=823cd8224df939134018fbd8f0227e9f501393ab;hb=HEAD#l63


So what is the GCC bug here? What do we want to change?
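The comment's explanation can be checked with a small model of what glibc does. The following is an added example, not code from the bug report, from GCC or from glibc: it reproduces the canary derivation described above (copy random bytes, clear the lowest-address byte) on a constructed random value and a toy 16-byte stack frame, then shows that a string copy whose terminating NUL lands exactly on the canary's first byte leaves the canary unchanged, that one more byte trips the epilogue check, and that a NUL-terminated read of the frame stops before reaching the rest of the canary. `SAMPLE_RANDOM`, `struct frame` and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the random bytes the loader gets from the kernel;
 * a real canary is fresh per process, never a fixed value like this. */
static const uint8_t SAMPLE_RANDOM[8] = {0x5a, 0x4d, 0x33, 0xc1, 0x90, 0x7e, 0x2b, 0xf4};

/* Model of the glibc derivation described in the comment: copy the random
 * bytes, then clear the byte at the lowest address (on little-endian
 * machines that is the least significant byte of the canary word). */
void derive_canary(uint8_t canary[8], const uint8_t random_bytes[8]) {
    memcpy(canary, random_bytes, 8);
    canary[0] = 0;
}

/* Returns 1 if the derived canary has a zero low byte and keeps the other 7. */
int canary_low_byte_cleared(void) {
    uint8_t canary[8];
    derive_canary(canary, SAMPLE_RANDOM);
    return canary[0] == 0 && memcmp(canary + 1, SAMPLE_RANDOM + 1, 7) == 0;
}

/* Toy stack frame (assumption): a 16-byte buffer with the canary slot placed
 * directly above it, which is how the stack protector lays out a frame that
 * contains a character array. No padding: both members have alignment 1. */
struct frame {
    char buf[16];
    uint8_t canary[8];
};

/* Copy `len` non-NUL bytes plus a terminator into buf the way strcpy would,
 * with no bounds check, and report whether the epilogue comparison against
 * the saved canary would still pass.
 * Returns 1 if the check passes, 0 if it trips, -1 if len does not fit. */
int check_after_copy(size_t len) {
    struct frame f;
    uint8_t saved[8];
    char src[sizeof f];

    if (len + 1 > sizeof f) return -1;
    derive_canary(saved, SAMPLE_RANDOM);
    memset(&f, 0, sizeof f);
    memcpy(f.canary, saved, 8);

    memset(src, 'A', len);
    src[len] = '\0';
    /* strcpy-style write: len + 1 bytes starting at buf, spilling upward */
    memcpy((unsigned char *)&f, src, len + 1);

    return memcmp(f.canary, saved, 8) == 0;
}

/* The information-leak side of the design: fill buf completely (no NUL inside
 * it) and count how many bytes a NUL-terminated read of the frame would copy
 * before stopping. The zeroed canary byte acts as the terminator. */
size_t visible_length(void) {
    struct frame f;
    const unsigned char *p = (const unsigned char *)&f;
    size_t n = 0;

    derive_canary(f.canary, SAMPLE_RANDOM);
    memset(f.buf, 'B', sizeof f.buf);
    while (n < sizeof f && p[n] != 0)
        n++;
    return n;
}

int main(void) {
    printf("low byte cleared: %d\n", canary_low_byte_cleared());
    printf("15-byte string: check %s\n", check_after_copy(15) ? "passes" : "fails");
    printf("16-byte string (NUL lands on canary byte 0): check %s\n",
           check_after_copy(16) ? "passes" : "fails");
    printf("17-byte string: check %s\n", check_after_copy(17) ? "passes" : "fails");
    printf("NUL-terminated read of the frame stops after %zu bytes\n", visible_length());
    return 0;
}
```

The 16-byte case is the situation in this bug: the only byte written past the buffer is the terminator, it lands on the byte glibc already zeroed, and so the check cannot distinguish the overrun from an intact frame. The 17-byte case shows that any overrun reaching a non-zero canary byte is still caught, and `visible_length` shows what the zero byte buys: a string function reading the frame stops at the canary instead of copying its remaining seven bytes.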
